PRTG & Let’s Encrypt (2024)

My original post on configuring PRTG to use a Let’s Encrypt certificate can be found here. In the time since I set that up, the process has changed (for the better). The biggest change is v5.x of Certify the Web (CtW) introduced Deployment Tasks. This means we no longer need to use a PowerShell script to get the certificate files into the right place for the PRTG server.

CtW supports a number of DNS provider APIs to automate the TXT record creation but I’ll still be using CloudFlare. I have a specific article on creating a Cloudflare API token here. Once you’ve created the token, you can create a Stored Credential in Certify. I called mine “Cloudflare API Token” as shown in the Credentials drop-down below. You’ll also need the DNS zone ID (see here)

On the Deployment page in Certify, choose “Certificate Store Only”

On the “Other Options” page in Certify, check Auto-renew is enabled.

You should now be able to test or even request the SSL using Certify. Once issued, if you want to see the SSL in the local certificate store, run MMC.exe from the Start Menu. Click File > Add/Remove Snap-in and pick Certificates in the left hand list, then click Add. You should then be asked which certificates you want to manage – choose “Computer account”, click Next and then go with the default of “Local computer”. Once the snap-in loads, expand the tree and look in Personal for your shiny new SSL certificate.

Now we have a certificate, we need to get it working with PRTG. There’s free tool available from Paessler to do it manually (here) but hey, half the point of doing all this is for things to work without needing to be poked every 90 days! This where the new CtW functionality becomes very useful. On the “Tasks” page of the certificate in CtW, add two tasks.